Terminate multiple TLS domains, with both Fly and custom certificates

eproxus · November 23, 2022, 10:39am

I’m interested in running a normal web app (e.g. on https://example.com) and using Fly to manage certificates for me, but I also want to host a special domain (https://iot.example.com) where I want to use mutual TLS and serve my own certificate for that purpose.

Is there a way to configure multiple domains running on 443 but use Fly’s tls and https handler on only one of them, and do TCP passthrough for the other?

ignoramous · November 23, 2022, 10:47am

Not possible today.

You can however deploy two Fly apps (one that uses Fly-terminated TLS and the other that doesn’t). That’s what we do.

It’d be rad to be able to do so, but requires changes to the way Fly proxy works. Possibly, sniffing SNI (optionally, making it compliant with the ECH standard) and deciding whether to terminate TLS or pass it through.

cc: @jerome

Topic		Replies	Views
Customer provided SSL cert Questions / Help	4	375	March 29, 2023
Hosting reverse proxy for custom SaaS domains on Fly	6	1166	October 12, 2022
Mutual TLS	2	296	November 2, 2022
How to use Fly-Replay with a wildcard ssl certificate? Questions / Help	2	196	September 4, 2023
Feature request: Upload custom certificate	1	307	October 13, 2022

Terminate multiple TLS domains, with both Fly and custom certificates

Related Topics